Sunday, October 2, 2022

Peiter Zatko: Meet the former Twitter executive who denounced the company


New York
CNN Business

Nearly 25 years ago, a young computer programmer named Peiter “Mudge” Zatko told Congress that the Internet was woefully insecure. A big part of the problem, Zatko told a Senate panel, was that software and e-commerce companies “want to ignore problems for as long as possible. It’s cheaper for them.”

Now, Zatko is once again sounding the alarm about online vulnerabilities, but this time he’s targeting one of his former employers.

In a roughly 200-page disclosure sent last month to US lawmakers and regulators, which was reported exclusively by CNN and the Washington Post on Tuesday, the former Twitter security executive alleged that the social media company has a series of security failings and that it has misled Twitter’s board of directors, shareholders and the public.

Twitter entrusted too many employees with access to sensitive user data, creating a fragile security posture that an outsider could exploit to wreak havoc on the platform, Zatko’s disclosure alleges. It also claims that one or more current Twitter employees may be working for a foreign intelligence service, and that Twitter CEO Parag Agrawal misled the company’s board of directors by dissuading Zatko from providing a full account of weaknesses in Twitter’s security.

Twitter has rejected the accusations, saying security and privacy have “long been top priorities across the company.” The company added: “While we have not received a copy of any specific allegations, what we have seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context.”

With his decision to go public with his concerns, Zatko could find himself at the center of renewed regulatory scrutiny of Twitter, as happened when Frances Haugen blew the whistle on Facebook. (He is being represented by Whistleblower Aid, the same group that represented Haugen.) Zatko could also become involved in the ongoing legal battle between the company and billionaire Elon Musk, who is trying to get out of a $44 billion deal to buy Twitter. (Musk’s attorney said the billionaire’s legal team had already subpoenaed Zatko in the dispute with Twitter.)

Some of those who have worked alongside Zatko over the past three decades paint a picture of him as a principled technologist with a knack for making the complex accessible and a sincere desire to solve problems, as he has for much of his career working with the public and private sector. The decision to blow the whistle, they say, is in keeping with that approach.

“He’s not doing this for fun. He brings you nothing,” said Dave Aitel, a former National Security Agency computer scientist and Zatko’s colleague at cybersecurity consultancy @stake. “This is what integrity looks like when you have to look at it up close.”

As a result of his whistleblower activities, Zatko may be eligible for a monetary reward from the US government. “Original, timely, and credible information leading to successful enforcement action” by the SEC can earn whistleblowers up to 30% of the fines collected in an action if the penalties total more than $1 million, the SEC said. The SEC has awarded more than $1 billion to nearly 300 whistleblowers since 2012.

Zatko filed his complaint with the SEC “to help the agency enforce the laws” and to gain federal whistleblower protection, John Tye, founder of Whistleblower Aid and an attorney for Zatko, told CNN. “The prospect of a reward was not a factor in [Zatko’s] decision and, in fact, he didn’t even know about the bounty program when he decided to become a legal whistleblower.”

Before joining Twitter, Zatko, now 51, ran an influential cybersecurity grant-making program at the Pentagon, worked at a Google division to develop cutting-edge technology, helped build the cybersecurity team at the fintech firm Stripe and advised US lawmakers and officials on how to plug internet security holes. Born in Alabama, where his father was a professor of chemistry at the University of Alabama in Tuscaloosa, Zatko told CNN that he started playing with technology like early Apple computers at a very young age.

His career has shown that “there was more to hacking than just outdoing each other, that there was actually a social good and an impact you could have,” said Dug Song, chief strategy officer at Cisco Security, who has known Zatko since the 1990s.

Twitter hired Zatko in November 2020 to beef up cybersecurity and privacy at the company in the wake of a high-profile attack in July 2020, allegedly led by a Florida teenager, that compromised the Twitter accounts of some of the most famous people on the planet, including then-presidential candidate Joe Biden. The top executive position meant Zatko reported directly to then-CEO Jack Dorsey, according to the disclosure.

Agrawal, Dorsey’s successor as head of Twitter, fired Zatko in January after he raised concerns about the company’s security and privacy practices, the disclosure says. (Twitter says Zatko was fired for poor performance.)

“This is something that should be of concern to everyone with large companies, which is the honesty and veracity of the data that is being publicly represented, the national security implications and whether users can trust these organizations with their data,” Zatko told CNN of his decision to file a complaint with Congress and regulators about Twitter’s alleged security practices.

Before cutting his hair and donning a suit, Zatko joined the Boston-area hacker collective known as L0pht in the mid-1990s, according to “The Cult of the Dead Cow,” the book by Washington Post reporter Joseph Menn on how the initial hacking scene shaped the cybersecurity industry.

Members of L0pht broke into computer systems and then worked with companies that made the equipment to fix the problems. What is now well-established practice for companies to work with outside researchers to fix software flaws was seen as provocative and annoying to the software giants at the time.

Zatko “ruled the industry to his will,” Song told CNN. “L0pht created a model of how to do this in a way that was, frankly, respectable and honorable.”

Zatko’s outspokenness and idealism were on full display when he appeared before the Senate with other L0pht members in 1998. “If you’re looking for computer security, then the Internet is not the place to be,” Zatko told senators. “If you think the government is giving you access to the technology you need to combat this problem, you’re wrong once again.”

Cris “Space Rogue” Thomas, another former L0pht member who testified alongside Zatko that day, said L0pht would do everything possible to get companies to collaboratively fix software problems the hacker group found.

Thomas, who like Zatko uses his “Space Rogue” hacker name professionally, said he and Zatko “have had our differences in the past,” adding that he was fired from @stake, the cybersecurity consultancy where Zatko was chief scientist, in 2000. “Feelings were hurt, but that doesn’t change the fact who [Zatko] is and what he believes and what he does. So I still think his moral standards haven’t really changed…in the 30 years I’ve known him.”

“This is normal for [Zatko]”, he said about the whistleblower’s complaint. “This is normal for L0pht. This is normal for the way we used to do things.”

In 2010, Zatko began working for the Defense Advanced Research Projects Agency (DARPA), the research and development arm of the Pentagon, which played a critical role in establishing the Internet as we know it. There, he ran a program that quickly raised money for cybersecurity researchers interested in finding and fixing vulnerabilities in computer systems found in cars and other critical infrastructure.

After starting at DARPA in 2010, Zatko called Song and other hackers to Booz Allen Hamilton’s office in Virginia for a brainstorming session, according to Song. A hacker known as the Hobbit, who invited Zatko, slept in a van outside the office and attended the meeting barefoot, Song said.

That ability to bring misfits and the military together stuck with Song.

“In the core, [Zatko is] authentic to the hacker ethos in a way that not many people who have transitioned from our side into commercial or public service have been able to do without becoming corny [or] cheesy,” Song told CNN.

When he was hired to join Twitter, Zatko framed the move in terms of the public good. “I really believe in the mission of (equally) serving the public conversation,” he tweeted at the time. “I’ll do my best!”

Now, by taking on Twitter, Zatko may find himself in the public conversation like never before.

“This was not my first choice,” he told CNN. “This was not the path I wanted to take. I exhausted all internal options.”

“But I found that ethically, and with who I am, I was obligated to follow the law and seek through legal avenues, legal disclosure, because [Twitter] is a critically important platform,” Zatko said. “I think it’s important to address some of these challenges. Honestly, I think I’m still doing the mission I was hired to do.”

– CNN’s Clare Duffy, Brian Fung and Donie O’Sullivan contributed to this report.
